Virtual Security: VMware remote authentication

Ensure virtual security, harden VMware's remote authentication by changing VMware GSX Server's Remote Console port number as described in this excerpt from Virtualization: From the Desktop to the Enterprise.

IT reseller takeaway: Harden remote authentication in VMware GSX Servers by changing the Remote Console default port numbers. Learn how in this excerpt from
Virtualization: From the Desktop to the Enterprise.

If you're wondering if you can force the Remote Console authentication daemon (vmware-authd) to use a different port number, you can. In addition, if you want to take a minute to beef up security on your GSX Server, you should change the default port. Though a ping-sweep on your network may enumerate open ports on your server, changing the default port of GSX Server's Remote Console port will keep someone from specifically targeting the default port of 902. Don't select a common port, such as ports less than 1024. These ports are already assigned to common services, such as ports 25 (SMTP), 80 (HTTP), and 443 (HTTPS). To change the port, you'll need to follow these steps at the CLI:

Download this free guide

Could Securing Your Channel Business Be Easier? We Can Help.

Download our latest guide to the top strategies solution providers can leverage for starting up and securing a cloud practice, successful approaches to selling and marketing cloud, and why it is urgent for partners to transition now.

GSX Server guests will be managed from the port you specified. Now, you'll need to use the VMware Remote Console application to connect to guest VMs. When connecting to the server, you'll need to specify your port number in the Connection field in addition to the IP address (for example, 10.10.5.136 9876). After entering your information, select Connect to proceed.

After connecting to your GSX Server though the Remote Console application, you can verify the port change. For instance, from within a Windows operating system such as Windows XP, you can execute the netstat command at the command line with the –n option, netstat –n. Under the Foreign Address column, locate your server's IP address and verify that the port being used is correct.

If you don't want to have to specify the port number to use when using Remote Console, you can configure it to use a specific port automatically. For Windows systems, create a file and label it config.ini. Place the file in C:Documents and SettingsAll UsersApplication DataVMwareVMware Remote Console. The file should have one line of code: authd.client.port = <portNumber>

If you're using a Linux client to connect to your host, you'll need to modify either /etc/vmware-console/config or /usr/lib/vmware-console/config. Add the following line of code: authd.client.port = <portNumber>

Chris Wolf is an instructor at ECPI Technical College, as well as a leading industry consultant in enterprise storage, virtualization solutions, and network infrastructure management. He has a master's degree in information technology from Rochester Institute of Technology, and his IT certification list includes MCSE, MCT, and CCNA. Wolf authored MCSE Supporting and Maintaining NT Server 4.0 Exam Cram, Windows 2000 Enterprise Storage Solutions and Troubleshooting Microsoft Technologies, and he contributes frequently to Redmond Magazine and Windows IT Pro Magazine. Wolf also speaks at computer conferences across the nation.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy